Abstract:
Universities in Eastern Uganda increasingly rely on digital systems for teaching, learning, and
administration, yet they face persistent cyber threats such as phishing, malware, and application-level
attacks. These challenges are intensified by limited computational resources, weak network infrastructure,
insufficient funding, and shortages of skilled IT personnel. Most existing intrusion detection and response
systems (IDS) are highly complex and resource-intensive, making them impractical for these institutions.
This study addressed that gap by designing and testing a lightweight, rule-based cyber incident detection
and response algorithm specifically tailored for resource-constrained universities. These constraints
include limited budgets, aging servers and software, few qualified IT staff, and low-capacity,
intermittently reliable ISP connectivity typical of remote campuses, which together restrict deployment of
enterprise security solutions. A hybrid research approach combining qualitative and quantitative
techniques was employed, using the Design Science Method (DSM) to guide the structured development,
demonstration, and evaluation of the algorithm. Data was gathered from five universities to establish
contextual threats and system constraints, while simulation experiments were conducted to evaluate the
algorithm’s effectiveness under realistic attack scenarios.
The resulting system was modular and adaptive, implemented with a PHP-MySQL backend and an
administrative dashboard for IT staff. It focused on detecting SQL injections, fake bots, and header
tampering, while a correlation engine linked events into multi-stage attack chains. Results demonstrated
detection accuracy above 92%, precision above 91%, and median response times below 100 ms, sustaining
up to 450 requests per second before degradation. Compared to Snort, the algorithm achieved higher
precision and lower resource use, though Snort maintained slightly higher recall.
This work demonstrates that lightweight, resource-efficient detection systems can significantly strengthen
cybersecurity in low-capacity university environments. It further extends the application of the
Defense-in-Depth model and Resource-Based View theory by aligning cybersecurity design with available
institutional capabilities and infrastructure limitations.
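
As an added illustration, not the study's PHP-MySQL implementation, the following Python example shows how per-request rules for SQL injection, fake bots, and header tampering can feed a correlation step that links events from one source into a multi-stage chain. The rule patterns, the crawler network range, the host name, the 300-second window, and the sample requests are all assumptions constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict
# All rule parameters and sample requests below are constructed for illustration.
SQLI = re.compile(r"(?i)(union\s+(all\s+)?select|'\s*(or|and)\s+\d+\s*=\s*\d+)")
CRAWLER_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # stand-in for verified crawler ranges
EXPECTED_HOSTS = {"portal.example.ac.ug"}              # hypothetical virtual host
WINDOW = 300  # seconds in which events from one source are correlated

def is_ip(value):
    try:
        return bool(ipaddress.ip_address(value.strip()))
    except ValueError:
        return False

def detect(req):
    """Return the set of rule names that a single request triggers."""
    hits, hdr = set(), req["headers"]
    if SQLI.search(req["query"]):
        hits.add("sqli")
    src = ipaddress.ip_address(req["ip"])
    if "Googlebot" in hdr.get("User-Agent", "") and not any(src in n for n in CRAWLER_NETS):
        hits.add("fake_bot")  # claims to be a crawler but comes from an unverified range
    xff = hdr.get("X-Forwarded-For")
    if hdr.get("Host") not in EXPECTED_HOSTS or (xff and not all(map(is_ip, xff.split(",")))):
        hits.add("header_tamper")  # unexpected Host or a non-IP entry in X-Forwarded-For
    return hits

def correlate(requests):
    """Map source IP -> sorted rule names when >= 2 distinct rules fire within WINDOW."""
    events = defaultdict(list)
    for req in sorted(requests, key=lambda r: r["ts"]):
        events[req["ip"]] += [(req["ts"], rule) for rule in detect(req)]
    chains = {}
    for ip, evs in events.items():
        for start, _ in evs:
            rules = sorted({r for t, r in evs if 0 <= t - start <= WINDOW})
            if len(rules) >= 2:
                chains.setdefault(ip, rules)  # keep the earliest qualifying window
    return chains

def make_req(ts, ip, query, ua="Mozilla/5.0", extra=None):
    headers = {"Host": "portal.example.ac.ug", "User-Agent": ua, **(extra or {})}
    return {"ts": ts, "ip": ip, "query": query, "headers": headers}

SAMPLE = [  # constructed requests: one two-stage source, one isolated header anomaly
    make_req(0, "198.51.100.7", "page=home", ua="Mozilla/5.0 (compatible; Googlebot/2.1)"),
    make_req(60, "198.51.100.7", "id=1' OR 1=1"),
    make_req(90, "203.0.113.9", "id=42", extra={"X-Forwarded-For": "10.0.0.1, unknown"}),
]
```

Running `correlate(SAMPLE)` reports only the source that triggered two different rules inside the window; the isolated header anomaly remains a single event and is not escalated to a chain.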